author: Kristof Provost <kp@FreeBSD.org> 2023-06-02 14:38:30 +0000
committer: Kristof Provost <kp@FreeBSD.org> 2023-06-28 09:15:14 +0000
commit: 0da2f02c1b2a2fb0daca8625a1992ee3a0426f44 (patch)
tree: 9523dcf6d8edfd762fad5f3c01d5488d8d66bcf0
parent: 12ce57e6d3e770db9ca83a8cbaa8f332515ce3d7 (diff)
netinet: re-read IP length after PFIL hook

The pfil hook may modify the packet, so before we check its length (to decide if it needs to be fragmented or not) we should re-read that length.

This is most likely to happen when pf is reassembling packets. In that scenario we'd receive the last fragment, which is likely to be a short packet, pf would reassemble it (likely exceeding the interface MTU) and then we'd transmit it without fragmenting, because we're comparing the MTU to the length of the last fragment, not the fully reassembled packet.

See also: https://redmine.pfsense.org/issues/14396
Reviewed by: cy
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D40395

(cherry picked from commit 185c1cddd7ef34db82bc3a25b3c92556416a4e55)

-rw-r--r-- sys/netinet/ip_output.c 1
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 595957afe146..60aac79886c3 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -705,6 +705,7 @@ sendit:
case 0: /* Continue normally */
ip = mtod(m, struct ip *);
+ ip_len = ntohs(ip->ip_len);
break;
case -1: /* Need to try again */
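Review bot: The re-read of ip_len in the `case 0` arm carries no comment, so the reason for it (the pfil hook may hand back a modified, possibly reassembled, packet, which makes the length cached before the hook stale for the later MTU comparison) is recorded only in the commit message. A one-line comment above `ip_len = ntohs(ip->ip_len);` would keep a later cleanup from dropping it as a redundant assignment. The `case -1` arm is cut off in this hunk, so it is worth confirming that the retry path also reaches the fragmentation check with a freshly read ip_len.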